Secured Internet Access through ASA

Unanswered Question
Dec 29th, 2006

I have a Cisco ASA firewall. I would like to have secured internet access through a client-to-site VPN. I have configured the following:

Inside interface --> 192.168.2.0/24

DMZ1 --> 192.168.3.0/24. This interface connects to the internal interface of the VPN box.

DMZ2 --> 192.168.4.0/24. This interface connects to the external interface of the VPN box.

Outside --> 192.168.6.1 is the interface IP, and for testing I placed a workstation with IP address 192.168.6.2 to test the connectivity.

From inside I connected my system to 192.168.3.2 (VPN box inside IP address), got authenticated and in fact got an address from the VPN pool 192.168.9.0/24.

When I try to ping 192.168.6.2 (the system placed on the outside interface) I am not able to.

For communication between inside and DMZ1 for VPN authentication I configured the following:

static (inside,DMZ1) 192.168.2.0 192.168.2.0

access-list dmzin permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0

access-group dmzin in interface DMZ1

The above statements work fine, since I am able to connect to the VPN box.

In the router I added the statement for the reverse route:

route DMZ2 192.168.9.0 255.255.255.0 192.168.4.2 (external leg of the VPN box, connected to DMZ2 of the ASA)

I am able to ping 192.168.9.x (VPN pool IP address) from the ASA box, and hence communication is happening ASA --> DMZ2 --> VPN box --> DMZ1 --> inside.

When I give

access-list outbound permit ip any any

and

access-group outbound in interface outside

I am able to reach the outside system (192.168.6.2) without having NAT or PAT in place. Other than this command, any command with source and destination defined is not working.


Can someone guide me on how I could proceed to make sure that only after connecting through the VPN I should be able to access the internet?

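The following is an added configuration example written for this question; it is not from the original post and not a reply that was given on the page. It assumes an ASA running 7.x-style NAT syntax, the interface names inside, DMZ1, DMZ2 and outside, and the addressing described above (VPN box inside leg 192.168.3.2 on DMZ1, external leg 192.168.4.2 on DMZ2, VPN pool 192.168.9.0/24). The policy it expresses is: hosts on inside may only reach the VPN box, traffic is allowed to the outside only when its source is a VPN pool address arriving on DMZ2, and the outside interface accepts no new inbound connections. The PAT statements are an assumption for real internet access; with nat-control disabled and a return route for 192.168.9.0/24 upstream they could be omitted, which matches the observation in the question that the outside host was reachable without NAT. The `inspect icmp` line is included because, without ICMP inspection, the ASA does not treat echo-replies as part of an existing connection, which is one reason a `permit ip any any` on the outside interface makes ping work while a source/destination-specific rule written in the forward direction does not.

```cisco
! Added example configuration, not from the original post.
! Assumed names/addresses: interfaces inside, DMZ1, DMZ2, outside;
! VPN box inside leg 192.168.3.2 (DMZ1), external leg 192.168.4.2 (DMZ2);
! VPN pool 192.168.9.0/24.

! Reverse route for the VPN pool via the external leg of the VPN box.
route DMZ2 192.168.9.0 255.255.255.0 192.168.4.2

! inside -> DMZ1: keep real addresses (identity static) so clients can
! reach the VPN box inside leg for authentication.
static (inside,DMZ1) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

! inside: clients may only talk to the VPN box; everything else from the
! LAN is dropped, so there is no path to the internet except via the VPN.
access-list insidein extended permit ip 192.168.2.0 255.255.255.0 host 192.168.3.2
access-list insidein extended deny ip any any
access-group insidein in interface inside

! DMZ1 -> inside: only the VPN box inside leg may talk back to the LAN.
access-list dmzin extended permit ip host 192.168.3.2 192.168.2.0 255.255.255.0
access-list dmzin extended deny ip any any
access-group dmzin in interface DMZ1

! DMZ2 -> outside: only VPN pool sources, and never back into the LAN.
access-list dmz2in extended deny ip 192.168.9.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list dmz2in extended permit ip 192.168.9.0 255.255.255.0 any
access-list dmz2in extended deny ip any any
access-group dmz2in in interface DMZ2

! Assumed: PAT the VPN pool to the outside interface address on the way out.
global (outside) 1 interface
nat (DMZ2) 1 192.168.9.0 255.255.255.0

! outside: no access-group is applied, so the ASA denies new inbound
! connections by default and only replies to existing connections return.
! Make ICMP stateful so echo-replies to pings from the pool are allowed
! back without opening the outside interface with permit ip any any.
policy-map global_policy
 class inspection_default
  inspect icmp
```

With this in place a host on 192.168.2.0/24 that has not connected to the VPN matches only the `insidein` deny and cannot reach outside at all; once it has a 192.168.9.x address its traffic enters the ASA on DMZ2, matches `dmz2in`, is translated by the `nat (DMZ2) 1` / `global (outside) 1` pair and leaves via outside, and the reply is admitted by the stateful connection (or by ICMP inspection for ping). Verify with `show access-list dmz2in` (hit counts on the permit line should increase) and `show xlate` (an entry for the pool address should appear) while a VPN-connected client pings 192.168.6.2.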